Hi 👋
I’m using Mise together with Fnox to manage secrets as environment variables.
After experimenting a bit, my current workaround is the following:
• I create a local fnox.toml file in each directory where a secret (e.g. a token) is needed
• This file is not committed, since the secret path is user-specific
• Fnox then loads the env var only in the directories where it is required
This works, but it has a few drawbacks.
Current issues
1. Configuration duplication
I end up duplicating the same fnox.toml logic in multiple subdirectories, which feels error-prone and tedious.
2. Root-level fnox.toml is too broad
If I move fnox.toml to the repository root:
• The secret is loaded everywhere
• Even in directories where it is not needed
• This feels conceptually wrong and potentially worse from a security standpoint (over-exposing secrets)
3. Lack of lazy-loading semantics
Ideally, secrets should be:
• Declared once
• Loaded only when entering a directory that actually needs them
Question / idea
If Mise and Fnox were more tightly integrated, would it be possible to support a lazy-loading model, such as:
• Declaring the secret source once (e.g. in a single fnox.toml or shared config)
• Declaring where the secret is required (e.g. via mise.toml)
• Fnox only loading the secret when entering a relevant subdirectory
Conceptually something like:
• “This directory (or tool) requires MY_TOKEN”
• Fnox provides how to fetch it
• Mise triggers or allows Fnox to load it on demand, not globally
Goals
What I’m trying to achieve:
• No committed secret configuration
• No duplication of fnox.toml files
• Secrets loaded only where needed
• Clear declaration of secret requirements
• No global over-exposure of secrets
Is there a recommended pattern for this today? Or is this something that would require new integration features between Mise and Fnox?
Thanks 🙏
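A minimal model of the scoping the post asks for, added here as an illustration: sources are declared once, requirements are declared per directory, and a secret is fetched only when the current directory is at or below a directory that requires it. This is not Mise or Fnox code or configuration; `SOURCES`, `REQUIREMENTS`, `env_for`, the `/repo` layout and the stub fetcher are hypothetical names with constructed data.

```python
from pathlib import PurePosixPath

# Constructed sample data (hypothetical names, not Mise/Fnox syntax).
SOURCES = {"MY_TOKEN": "example-store:my-token"}      # declared once: where to fetch
REQUIREMENTS = {"/repo/services/api": ["MY_TOKEN"]}   # declared per directory: what is needed


def required_names(cwd, root, requirements):
    """Union of names required by every directory from cwd up to root."""
    cwd, root = PurePosixPath(cwd), PurePosixPath(root)
    if cwd != root and root not in cwd.parents:
        return set()  # outside the repository: expose nothing
    names = set()
    for directory in [cwd, *cwd.parents]:
        # Match whole path components, so /repo/services/api-v2 does not
        # inherit the requirements of /repo/services/api.
        names |= set(requirements.get(str(directory), ()))
        if directory == root:
            break
    return names


def fetch_stub(ref, log):
    """Stand-in for a real secret backend; records each fetch in log."""
    log.append(ref)
    return f"<secret from {ref}>"


def env_for(cwd, root="/repo", sources=SOURCES, requirements=REQUIREMENTS, log=None):
    """Return only the env vars the current directory is entitled to."""
    log = [] if log is None else log
    names = required_names(cwd, root, requirements)
    undeclared = names - set(sources)
    if undeclared:
        # Fail closed: a requirement with no declared source is an error,
        # not a silently missing variable.
        raise KeyError(f"no source declared for: {sorted(undeclared)}")
    # Lazy: the backend is contacted only for names required here.
    return {name: fetch_stub(sources[name], log) for name in sorted(names)}


if __name__ == "__main__":
    for path in ("/repo", "/repo/docs", "/repo/services/api/src"):
        print(path, sorted(env_for(path)))
```

Because the environment is recomputed from the current directory each time, moving to a directory with no requirement yields an empty set, and the backend is never contacted there.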